Credential stores for Password Reset

Credential stores hold user information such as user names and passwords that can be
used as login credentials. Examples include the User [sys_user] table or an Active Directory
server.

Users with the password_reset_admin or password_reset_credential_manager role can create and
modify connections to credential stores.

Remote credential stores

A remote credential store refers to any credential store other than the local ServiceNow instance. Remote credential
stores, such as Active Directory, manage user names and passwords outside of the local instance.
A remote credential store can also be a remote ServiceNow instance, a UNIX or Linux server, or any other directory-like
service that relies on the SOAP protocol. The Password Reset Orchestration Add-on plugin is required to
connect to remote credential stores. Review the information in the section on credential store
types before you create, test, or delete credential stores.

Credential store types

A credential store type is a set of workflows that specify how to connect to a credential
store. The base system includes example credential store types that you can use as models to
create custom types.

Represents a remote ServiceNow
instance. Installed with the Orchestration add-on.

Connection workflows for credential store types

A credential store type requires a subflow that defines how to connect to the store, and can
include an optional subflow that defines how to test the connection. Use the Pwd
Reset - AD and Pwd Reset - Local subflows as models for your
custom connection workflows.

When the Orchestration Add-on plugin is activated, the Password Reset application can change passwords on an Active Directory credential store. The application changes passwords by referencing an Active Directory user role with the appropriate password change privileges.

Important: Before you delete the connection to a credential store, check all Password Reset processes to ensure that the credential store is not in use. If the credential store is being used by a process, update the process before deleting the credential store.